Many enterprises permit associates to bring their personal laptop or computer to work and use it as their company computer, permit them to use personal computers at home while working on corporate information, or allow contractors to use personal computers in their work in lieu of a company machine. In some cases, having an employee or contractor use their personal computer for work-related computing may result in employees and contractors storing sensitive company documents and application information on their generally insecure personal computers. Memory on a personal laptop is typically unmanaged, and it may be difficult to enforce security policies when a user is not logged into a company network. Furthermore, in some examples, laptop computers may be more easily stolen or hacked than corporate computers protected by security policies and firewalls.
One solution to this problem includes providing users with encrypted virtual hard disks that may be mounted as if they were physical disks. The user may use a password, known only to them, that allows them to decrypt the disk and mount it for use. Corporate data may be stored to the encrypted volume, preventing access by malicious third parties. While this adds security, there may still exist some risks. First, the corporate enterprise, which may actually own the data, may be unable to access the encrypted disk without the user's password. This may be particularly relevant where the encrypted virtual hard disk is stored on a cloud service, such as the DROPBOX web-based file hosting service operated by DROPBOX, INC. of San Francisco, Calif., or in other instances where the enterprise may want to recover data without requiring the user's or contractor's cooperation. Second, if the user forgets their password, an administrator may not be able to recover the encrypted data. While the enterprise may store user passwords in a central database, allowing it to decrypt the image in case the user forgets their password, this requires transmission of passwords over a network where they may be intercepted, thereby significantly compromising security.
Thus, systems and methods are needed to secure encrypted virtual hard disks and centrally manage encryption keys.